This was a great event that I went to last night organised by the NxtGenUG guys (what a great job these guys are doing!). Ed Gibson is Microsoft’s Chief Security Advisor in the UK and is an ex FBI employee. I think if I was told to do something by Ed, I would certainly do it! He’s got that air about him, which you probably only get from being an FBI Special Agent. His talk was mainly around cybercrime and his experiences of this and some of the legal issues involved.

There was a demo and talk by a security IT Consultant, Dinis Cruz. He showed how easy it was to compromise servers (which hadn’t been patched) and web applications which had not taken account of security issues when developed. He used an openly available tool to get command line access and then a full desktop session. It was so easy, as this tool automates the process where you can just select things from a menu! Until you see this you don’t realise the full consequences of not patching your servers (and this applies to Linux as well).

Problem is that we don’t really understand how attacks are perpretrated and so we don’t really understand how to defend our systems properly. We need to put ourselves in to the mind of the hacker and then maybe we can increase the security of our systems.